This invention relates generally to a method and system for facilitating the identification, investigation, assessment and management of legal, regulatory financial and reputational risks (“Risks”). In particular, the present invention relates to a computerized system and method for banks and non-bank financial institutions to access information compiled on a worldwide basis and relate such information to a risk subject, such as a transaction at hand, wherein the information is conducive to quantifying and managing financial, legal, regulatory and reputational risk associated with the transaction.
As money-laundering and related concerns have become increasingly important public policy concerns, regulators have attempted to address these issues by imposing increasing formal and informal obligations upon financial institutions. Government regulations authorize a broad regime of record-keeping and regulatory reporting obligations on covered financial institutions as a tool for the federal government to use to fight drug trafficking, money laundering, and other crimes. The regulations may require financial institutions to file currency and monetary instrument reports and to maintain certain records for possible use in tax, criminal and regulatory proceedings. Such a body of regulation is designed chiefly to assist law enforcement authorities in detecting when criminals are using banks and other financial institutions as intermediaries for, or to hide the transfer of funds derived from, criminal activity.
Obligations include those imposed by the Department of the Treasury and federal banking regulators which adopted suspicious activity report (“SAR”) regulations. These SAR regulations require that financial institutions file SARs whenever an institution detects a known or suspected violation of federal law, or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act (BSA). The regulations can impose a variety of reporting obligations on financial institutions. Perhaps most broadly relevant for the present invention, they require an institution to report transactions aggregating to $5,000 that involve potential money laundering or violations if the institution, knows, suspects, or has reason to suspect that the transaction involves funds from illegal activities, is designed to disguise such funds, has no business or legitimate purpose, or is simply not the sort of transaction in which the particular customer would normally be expected to engage, and the institution knows of no reasonable explanation for the transaction after examining the available facts.
For example, banks must retain a copy of all SARs and all supporting documentation or equivalent business records for 5 years from the date of the filing of the SAR. Federal banking regulators are responsible for determining financial institutions' compliance with the BSA and implementing regulations.
Federal regulators have made clear that the practical effect of these requirements is that financial institutions are subject to significant obligations to “know” their customer and to engage in adequate monitoring of transactions.
Bank and non-bank financial institutions, including: investment banks; merchant banks; commercial banks; securities firms, including broker dealers securities and commodities trading firms; asset management companies, hedge funds, mutual funds, credit rating funds, securities exchanges and bourses, institutional and individual investors, law firms, accounting firms, auditing firms, any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Act of 1956, and other entities subject to legal and regulatory compliance obligations with respect to money laundering, fraud, corruption, terrorism, organized crime, regulatory and suspicious activity reporting, sanctions, embargoes and other regulatory risks and associated obligations, hereinafter collectively referred to as “Financial Institutions,” typically have few resources available to them to assist in the identification of present or potential risks associated with business transactions.
Risk can be multifaceted and far reaching. Generally, personnel do not have available a mechanism to provide real time assistance to assess a risk factor or otherwise qualitatively manage risk. In the event of problems, it is often difficult to quantify to regulatory bodies, shareholders, newspapers and other interested parties, the diligence exercised by the Financial Institution to properly identify and respond to risk factors. Absent a means to quantify good business practices and diligent efforts to contain risk, a Financial Institution may appear to be negligent in some respect.
Risk associated with an account involved in international transactions can be greatly increased due to the difficulty in gathering and accessing pertinent data on a basis timely to managing risk associated with the transaction. As part of due diligence associated with performing financial transactions, it may be important for a Financial Institution to “Know Their Customer” including whether a customer is contained on a list of restricted entities published by the Office of Foreign Access Control (OFAC), the Treasury Office or other government or industry organization.
What is needed is a method and system to draw upon information gathered and utilize the information to assist with risk management and due diligence related to financial transactions. A new method and system should anticipate offering guidance to personnel who interact with clients and help the personnel identify high risk situations. In addition, it should be situated to convey risk information to a compliance department and be able to demonstrate to regulators that a Financial Institution has met standards relating to risk containment.